|
| Home > Topics > Phishing |
|
Phishing |
|
Fraudsters on the Internet do not stop at installing key loggers and spy ware on your computer to ruin your day. They go a step further-they pry on your bank accounts, gather account information, and then use it like its their own. And how do they do it?
By Phishing (pronounced as Fishing)
So what is phishing? You always admired how convenient it is for you to access your bank account online and transact. What if someone (else) could transact using that little piece of information in your head-your account password? Worse, what if you were to give it to a fraudster yourself without you knowing it? Before you dismiss that thought, let us tell you that they know of a way to make you do that. |
How is it done?
Your bank website is where you will most always use your account details and password without worrying about it much. Thats secure alright, but if you were displayed a Web interface which so closely resembles that of your bank, you are subconsciously programmed to assume it to be your bank and provide your login details, which may include your account number, your credit card number, and a password. This is what the fraudster wants.
The fraudster uses a Web design and a URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. In the world of Internet fraud, this trick of sending emails to gather personal and banking information leading to identity theft is called phishing.
For example, a fraudster designs a website that very closely resembles that of your bank and hosts it at a URL, which is also similar to that of the bank (for example, www.your-ownbank.com instead of the original www.your-bank.com). The fraudster then sends emails (seem to be coming from legitimate sources) at random, asking you to verify or update your account details.
Here is what the fraudster wishes will occur: you believe the urgent need to update your information and as mentioned in the email, you click on the link. The link takes you to the website the fraudster created (www.your-ownbank.com or www.fraudster-website.com/your-bank/login). You then enter your account details and password (sadly, it is for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters (encryption is his enemy, remember!). This is when your account becomes susceptible to use by the fraudster in any way as he pleases |
| Top |
What is the impact?
Phishing has been around for a few years now and growing in strength. Once your account details are gathered, you are at the mercy of the fraudster as to how they would be used-withdrawals, transfers, checks, to name a few common usages. |
| Top |
What can you do to avoid it?
Here are some ways of Identity theft prevention and protection from internet fraud: |
- When you receive emails claiming to be sent by financial institution asking you to enter your account details, DO NOT do so! Your institution already has your details and clearly would not want them again.
- Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly.
- Check the email to see if it is addressed to your name. Fraudsters never personalize emails, they will refer you as Dear Customer or Dear Valued Customer because they send emails randomly to a million email addresses and they even do not know that you have an account with the bank. Your bank or e-commerce company on the other hand will refer you with your name.
- DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:
- The bank is trying to protect you from a fraud.
- The bank needs some security and maintenance update on your account as asks for your account details.
- You are to receive a refund.
- You are to receive a prize
- If you receive such email always check back with your back directly or speak to the customer service representative of the bank.
- NEVER enter your credit card details and password in a website which you suspect is not genuine.
- DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.
- DO NOT open unsolicited emails.
- It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.
- Verify the website URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.
- Log in to your accounts regularly and look for account transactions that you do not recognize.
- DO NOT send your account details and/or password over an email to anyone.
- Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one.
- Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.
|
| Top |
Sharing and Caring
The fight against phishing requires one crucial resource that is at your disposal-knowledge. You know what phishing is and what havoc it could cause to a novice Internet user. Therefore, please share information of Internet fraud with your family and friends. |
| Top |
|
|
|
